Let the Phoenix rise!

Transcription

1 MWLUG 19 th 21 st August 2015 #MWLUG2015 MWLUG 19 th 21 st August #ICONUK2015 Let the Phoenix rise! Rationalise your IBM Domino environment

2 Introduction Stephanie Heit Director, BCC Arshad Khalid Director of Technical IBM Champion

3 Agenda Agenda What We Do IT Challenges Today What's the Solution? Case Studies Large Insurance Company: Boost Domino Security Global Bank: Standardise Administration Global Investment Firm: Streamline Application Management Summary Questions

4 What We Do Solutions for securing Notes/Domino infrastructure Automate underlying administration processes Ensure regulatory compliance Our solutions help organisations to Reduce risk Improve efficiency by securing and streamlining existing processes Lower cost. Over 800 customers

5 Agenda Agenda What We Do IT Challenges Today What's the Solution? Case Studies Large Insurance Company: Boost Domino Security Global Bank: Standardise Administration Global Investment Firm: Streamline Application Management Summary Questions

6 IT Challenges Today

7 The Cost Pressure The demands in IT are growing and assurance of safe operations to make powerful and efficient systems is the prime goal More than 80% of IT companies are under enormous increasing cost pressures 7

8 Compliance Requirements Sarbanes Oxley (SOX) regulations for investments and securities FINRA regulations for investments and financial advisors HIPAA regulations for the protection and privacy of health information Any company that deals with protected health information (PHI) must ensure that all the required physical network and process security measures are in place and followed

9 The Cost of Not Being Compliant Brand Damage Fines for Non-Compliance Litigation Expenses Examples $1.45 billion judgement against Morgan Stanley for being unable to produce reliable s in the course of fraud litigation $2.5 million fine against Merrill Lynch for failing to promptly produce s over a period of 17 months

10 Data Security and Integrity High level admin skills are required Admins have unfettered access to sensitive information When people used to ask me what I wanted for Christmas, I always said, "Please give me a way I can get into an evil user's mail file without sparking up the client on the server or mapping a drive to the server." Santa gave me what I wanted - the wonderful functionality called Full Access Administrator.

11

12 Example: NSA Why did they have a Security Leak? The scariest threat is the systems administrator. The system administrator has godlike access to systems they manage. Eric Chiu, Hytrust, Security Advisor

13 Agenda Agenda What We Do IT Challenges Today What's the Solution? Case Studies Large Insurance Company: Boost Domino Security Global Bank: Standardise Administration Global Investment Firm: Streamline Application Management Summary Questions

14 What's the Solution? Additional monitoring systems Reduce required access rights Provide system log trails Implement a two-man rule to reduce risk Ensure compliance by having a central audit proof log to record all actions Let machines do things that they re better at doing Reduction in TCO comes for free!

15 Automation is KEY! Security Compliance Reduce TCO Automation

16 Agenda Agenda What We Do IT Challenges Today What's the Solution? Case Studies Large Insurance Company: Boost Domino Security Global Bank: Standardise Administration Global Investment Firm: Streamline Application Management Summary Questions

17 Case Study: Large US Mutual Life Insurance Co Boost Domino Security Challenges Monitor, audit, log & report Notes admins activities Changes in Domino Directory (open, add, update, delete) Database ACL changes Document changes Prevent (if possible) Unauthorised access to mailboxes Level 3 personnel are assigned full administrator rights to perform support functions. Domino does not have a native auditing tool that would allow me to review if the administrators are making undocumented changes or reading user mailboxes.

18 Case Study: Large US Mutual Life Insurance Co Boost Domino Security Options Use Domino monitoring Not enough Develop monitoring/auditing internally Needs to be maintained Investment of time and effort Not standard Use a third party product Trusted by other customers Standardised features Maintenance is done by the vendor Move away from IBM Domino!

19 Case Study: Large US Mutual Life Insurance Co Boost Domino Security Solution Three key elements for IBM Domino Server Security Server ID Database Access Document Access & Change

20 Case Study: Large US Mutual Life Insurance Co Boost Domino Security Solution Detailed monitoring in real time Track access Track modifications at field level Old entry New entry Prevent changes in real time Control Domino access rights Even for Domino admins/managers Block access Block changes

21 Case Study: Large US Mutual Life Insurance Co Boost Domino Security Solution Provide an additional security layer Beyond ACL and document access rights Manager, Designer or Editors are not allowed to perform changes Add security at document field level Provide different security settings for single fields in a document Manager, Designer or Editors are not allowed to change defined fields

22 Why protect your Domino Server ID? What IBM says We understand that most Domino servers are not password-protected to make unattended reboots simpler, but the vault server's ID file is a key element in the security of your ID vault..a sophisticated attacker with a vault database and one of the corresponding server IDs...would have all of the cryptographic information needed to masquerade as the vault server and decrypt all of the ID files stored in the vault

23 Why protect your Domino Server ID?

24 Case Study: Large US Mutual Life Insurance Co Boost Domino Security Solution Protect Server ID with passwords Assign random password to server id Provide password at startup Automatic restart possible Protect ACL Prevent ACL Changes Track ACL Changes Control changes with approval workflow Protect Notes document beyond ACL settings Track access to document Prevent opening, modification or deletion Control field level changes with approval workflow

25 Agenda Agenda What We Do IT Challenges Today What's the Solution? Case Studies Large Insurance Company: Boost Domino Security Global Bank: Standardise Administration Global Investment Firm: Streamline Application Management Summary Questions

26 Case Study: Global Bank Standardise Administration Challenges 100k users world wide Reduce operating costs by 50% Adhere to compliance regulations Implement a standard universal user ID access management system Used for On boarding Locking Unlocking Deleting Admins spending a lot of time on mundane tasks

27 Case Study: Global Bank Standardise Administration Initial Situation Lot of development efforts Manual monitoring Highly skilled administrators required Frequency of human errors can be high High access rights required Using internal Tools Domino Administrator Client Compliance issue

28 Case Study: Global Bank Standardise Administration Solution Delegate the tasks to Helpdesk, HR Provide Self Service thru Request based architecture 1.Organise 2.Standardise Convert admin tasks to an IT Process A detailed checklist for every task Simple standard system environment running the most current IBM Domino release Processing checklists by rules, profiles and backend server tasks Ensuring Compliance by having a central log database to automatically record all actions Reduce access rights! 3.Automate

29 Request #ICONUK2015 Case Study: Global Bank Standardise Administration Expected rule based UserID Creation of Person document in DominoDirectory Group entries corresponding to the user are set in the profile Mail file replica including cluster created Password calculated and distributed via Mail / print or fax / SMS Data directory of the user created Basic settings stored, Address Book, Workspace User gets links, necessary applications on the Workspace / Bookmarks

30 Request #ICONUK2015 Case Study: Global Bank Standardise Administration Send confirmation mail to requestor Send information mail to business owner Create Reporting entry Send welcome mail to new user

31 Case Study: Global Bank Standardise Administration Solution Simplified System Administration Standardised technical procedures Automation with Self-Service Application User and group management Mail-In databases Result: Reduction of management costs by 50% Return on Investment in 8 Months

32 Agenda Agenda What We Do IT Challenges Today What's the Solution? Case Studies Large Insurance Company: Boost Domino Security Global Bank: Standardise Administration Global Investment Firm: Streamline Application Management Summary Questions

33 Case Study: Global Investment Firm Streamline Application Management Challenges Use an approval process for: Updating application design Deploying new applications Blocking access to an application Requesting access to an application Locking and deleting an application Simplify the application management process Automatic design update Reduce dependence on manual intervention Audit all changes for compliance

34 Case Study: Global Investment Firm Streamline Application Management Solution Convert Administration Tasks to request forms Configure Server Tasks to execute the request form accordingly Define standard output

35 Request #ICONUK2015 Case Study: Global Investment Firm Streamline Application Management - Solution NSF file is created/updated from template ACL group(s) in the Domino Directory, are created with all entries ACL group(s) in added to the Database with appropriate access levels is sent to requestor on success, Any error is notified to Admin

36 Case Study: Global Investment Firm Streamline Application Management Solution Simplified Application Management App Developers create requests to update app designs without having access to signer ID Requests go through approval workflow Tasks can be scheduled for off-peak times Automation with (almost) no manual intervention Full application life cycle Access granted on request Result: Reduction in admin effort Audit proof logging

37 Agenda Agenda What We Do IT Challenges Today What's the Solution? Case Studies Large Insurance Company: Boost Domino Security Global Bank: Standardise Administration Global Investment Firm: Streamline Application Management Summary Questions

38 Benefits for Admin/IT Department Simplify administration Close security gaps, take off responsibility from admins to prevent configuration misuse Concentrate on mission-critical projects and strategic measures Reduce dependency on internal tools and scripts No requirement of customized training

39 Benefits for Organisations Enhance system security Adhere to Compliance policies Enhance process reliability through request-based change management with approval cycles Provide full control and automated documentation of all configuration changes Reduce IBM Notes/Domino infrastructure administration cost

40 Benefits for Auditors/Security Officers One place to check for documentation of configuration changes Reliable information about unauthorised access or modification attempts. Audit-proof documentation of access to data on Domino servers.

41 Summary Prevent/track unauthorised access Secure server ID Log changes Reduce risk Adhere to guidelines Avoid penalties Corporate governance Standardise & Automate Standardise processes Self-service Reduce human error Reduce TCO

42 It s a wrap! Stephanie Heit Arshad Khalid BCC Thank You!